february, 2020

tue04feb2:00 pm5:00 pmSecure Cloud Application Development through Security Service Level AgreementTutorial2:00 pm - 5:00 pm Aula 155/4, Facoltà Di Ingegneria | Via Brecce Bianche, 12Track:06.Tutorial | Feb 4


Event Details



Prof. Massimiliano Rak associate professor at University of Campania Luigi Vanvitelli. His scientific activity is mainly focused on the analysis and design security and performance in System Architectures. He actively participate to international research groups and was member of several EU, National and Regional funded projects, moreover, he coordinated the SPECS FP7 European project. Massimiliano Rak has published more than 150 papers in conferences, books and international journals.


Alessandra De Benedictis is an Assistant Professor at the Department of Electrical Engineering and Information Technology of the University of Naples Federico II, where she got her PhD degree in Computer and Automation Engineering in 2013. She has been working on the design and evaluation of secure architectures for the protection of distributed resource-constrained devices and she has recently started working on the negotiation and dynamic enforcement of security in clouds through the adoption of service level agreements.

Short Description


Recent software development methodologies, as DevOps or Agile, are very popular and widely used, especially for the development of cloud services and applications, they can be hardly integrated with security design and risk management methodologies. Security techniques cannot easily automated and require big economic investments, due to the necessity of security experts in the development team and to the lack of automatic tools to evaluate risk and to assess security in the design and operation phases. This Tutorial aims at illustrating the techniques and tools developed in the context of SPECS and MUSA European projects that support the development of cloud application through a novel Security-by-Design methodology based on Security Service Level Agreements (SLAs). The technique illustrated in the tutorial will cover (semi-) automated risk analysis, Security assessment and security SLA evaluation. During the tutorial a simple and practical example of cloud application will be illustrated and developed. Participants will be invited to contribute to the development and check and use the tools.


Structure of the tutorial


The tutorial consists in 6 blocks of 30 minutes, 3 of them with oral speechs and 3 of them with hands on the tools.

  • Module 1 (speech): security SLA Model and Concepts
  • Module 2 (hands on): Security SLA Evaluation and security SLA of existing CSPs
  • Module 3 (speech): SLA-based Security-by-Design Development Process
  • Module 4 (hands on): Application Model and Automated Risk Analysis
  • Module 5 (speech): Security Assessment procedure
  • Module 6 (hands on): Security Assessment of a simple cloud application


Intended Audience


The target audience should have basic security competences. Competences on cloud technologies are welcome.


(Tuesday) 2:00 pm - 5:00 pm


Aula 155/4

Facoltà Di Ingegneria | Via Brecce Bianche, 12

No Comments

Post A Comment